package com.i2works.smartluolong.utils.shiro.filter;


import com.i2works.smartluolong.utils.base.GlobalConstant;
import org.apache.shiro.session.Session;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * 强制退出
 *
 * @author Liu Yutao
 * @className ForceLogoutFilter
 * @email koal@vip.qq.com
 * @date 2016/1/22 23:45
 */

public class ForceLogoutFilter extends AccessControlFilter {

    protected final Logger logger = LoggerFactory.getLogger(getClass());

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Session session = getSubject(request, response).getSession(false);
        return session.getAttribute(GlobalConstant.SESSION_FORCE_LOGOUT_KEY) == null;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        try {
            //强制退出
            getSubject(request, response).logout();
            String loginUrl = getLoginUrl() + (getLoginUrl().contains("?") ? "&" : "?") + "forceLogout=1";
            WebUtils.issueRedirect(request, response, loginUrl);
        } catch (Exception e) {
            logger.error("filter.ForceLogoutFilter异常：" + e.getMessage());
        }
        return false;
    }
}
